I have Postfix configured to filter mail using the SpamAssassin spamd daemon. I noticed recently that some spam messages would be delivered to my inbox with no SpamAssassin headers added. I tracked this down to the fact that I had a daily cron job to update SpamAssassin with sa-update and restart spamd. When Postfix gets a mail while spamd happens to be restarting, it delivers it with no filtering.
My solution was to alter the cron job to stop Postfix before restarting spamd and restart it after. Is this the best solution? Can I somehow tell Postfix to pause all delivery? Can I change the call to spamd so that it blocks until spamd comes back?
Here's the SpamAssassin line from my /etc/postfix/master.cf:
spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/spamc -u ${user} -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
I found references to using postsuper -h ALL to put delivery on hold but this only seems to hold messages currently in a Postfix queue. New messages that come in after I issue postsuper -h ALL are still delivered normally.
This is not a Postfix bug, but a bad spamc behavior. As of the spamc documentation (see Exit codes) there is no exit code produced when there is an error. And the missing spamd is an error (in my eyes).
And because of the Postfix pipe documentation Postfix will treat the exit code 0 as a successful delivery.
So you should (as mentioned in the spamc doc) set an
-xflag in the pipe call. Then Postfix queues the mail for later delivery (and a later scan if spamd is ready again).There is no need to pause or halt Postfix. Just a configuration issue.